The SUSE operating system audit event multiplexor must be configured to use Kerberos.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-234967	SLES-15-030680	SV-234967r622137_rule		Low

Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Audit events that may include sensitive data must be encrypted prior to transmission. Kerberos provides a mechanism to provide both authentication and encryption for audit event records.

Description

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Audit events that may include sensitive data must be encrypted prior to transmission. Kerberos provides a mechanism to provide both authentication and encryption for audit event records.

STIG	Date
SUSE Linux Enterprise Server 15 Security Technical Implementation Guide	2021-11-30

Details

Check Text ( C-38155r619170_chk )
Determine if the SUSE operating system audit event multiplexor is configured to use Kerberos by running the following command: > sudo grep enable_krb5 /etc/audisp/audisp-remote.conf enable_krb5 = yes If "enable_krb5" is not set to "yes", or is commented out, this is a finding.

Fix Text (F-38118r619171_fix)
Configure the SUSE operating system audit event multiplexor to use Kerberos by editing the "/etc/audisp/audisp-remote.conf" file. Edit or add the following line to match the text below: enable_krb5 = yes